WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact
WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

NextGen Gallery < 3.5.0 - CSRF allows File Upload

Description

It was possible to bypass the "validate_ajax_request" function used to control access to ajax functions by sending a request without a nonce parameter. This could be used to upload arbitrary code to an image file. Although the uploaded file must be a valid image, it is possible to include PHP code in a valid image, which would be executed if included using the vulnerability in CVE-2020-35942

Affects Plugins

nextgen-gallery
Fixed in version 3.5.0

References

CVE
CVE-2020-35943
URL
https://www.wordfence.com/blog/2021/02/severe-vulnerabilities-patched-in-nextgen-gallery-affect-over-800000-wordpress-sites/

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Ramuel Gall

Submitter

Ramuel Gall

Submitter twitter
ramuelgall
Verified

No

WPVDB ID
7e1f1083-4c41-41c8-bbf0-640484384196

Timeline

Publicly Published

2021-02-08 (about 1 years ago)

Added

2021-02-08 (about 1 years ago)

Last Updated

2021-02-09 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin
WPScan

Vulnerabilities

WordPressPluginsThemesOur StatsSubmit vulnerabilities

About

How it worksPricingWordPress pluginNewsContact

For Developers

StatusAPI detailsCLI scanner

Other

PrivacyTerms of serviceDisclosure policy
jetpackIn partnership with Jetpack
githubtwitterfacebook
Angithubendeavor
Work With Us